Over 240K Willow Pays records leaked by unsecured database

Willow Pays, a Chicago-based bills payment platform, had 241,970 records exposed due to a misconfigured database that neither had password nor encryption protections, according to Hackread.

Information discovered within the unsecured database included not only bills, repayment schedules, mailing lists, settings, and snapshots detailing names, credit limits, and email addresses, but also a spreadsheet with data from 56,864 individuals, which may include current and prospective clients, as well as blocked accounts, an investigation by cybersecurity researcher Jeremy Fowler published on Website Planet revealed. Willow Pays has already moved to limit access to the database following advice from Fowler, who warned about the potential exploitation of publicly exposed information in phishing and account takeover intrusions. Escalating cybersecurity threats against the financial industry should prompt the adoption of more robust cybersecurity measures among financial software vendors, including data encryption, multi-factor authentication, and consistent security evaluations, according to security experts.